[guardian-dev] Format of exported subkeys from gnupg

Werner Koch wk at gnupg.org
Fri Jul 20 09:29:54 CEST 2012

On Fri, 20 Jul 2012 00:20, tom at ritter.vg said:

> outputs. http://tools.ietf.org/html/rfc4880#section-5.5.3  Fortunetly,
> it's much easier than working with S-Expressions (IMO at least.)

Hans worked on GnuPG 2.1 which has an easy way to access the secret key

  $ gpg2 -K --with-keygrip CD8687F6
  sec   1024D/CD8687F6 2006-01-17
        Keygrip = 21EB68B1FFA01EF777E2D0B1A92A2276D82C2F1C
  uid                  Heinrich Heine <heinrichh at duesseldorf.de>
  ssb   1024g/4ECFEF6F 2006-01-17
        Keygrip = 654EFA6F19DF08ABFEB88092BC4867D4C5A95460

If you want to script that you should add --with-colons and a grep for
"^grp:".  Now with the keygrip you can locate the secret key:

  $ ls ~/.gnupg/private-keys-v1.d/654EFA6F19DF08ABFEB88092BC4867D4C5A95460.key

Now if you have not set a passphrase (check out "gpg2 --passwd") you may
use gpg-protect-tool to convert the S-expression into the advanced

  $ /us[...]/libexec/gpg-protect-tool ~/.gnu[...]67D4C5A95460.key
    (p #00A6B1DAED[...]#)
    (g #05#)
    (y #00BC5B46C0[...]#)
    (x #03C544C345[...]#)
Libgcrypt has a parser for it.  You should find example code to extract
stuff in libgcrypt/tests/.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list